Captcha Deployment on load balanced server

Hi Jessie,

The standard approach for configuring the RadCaptcha control for a Web Farm environment is described in this help article.

If you want to use another storage medium for storing the CaptchaImage object, you can achieve it via the following method:

1. In the Page.Init I retrieve the text code from the CaptchaImage (CaptchaImage.Text) stored in the DB, cookie or Session (if any CaptchaImage).

2. In the Page.Init I create an ASP.NET Image control, and set the ImageUrl to the path of the HttpHandler that serves the CaptchaImage. The Image is added to the Page.

3. I create a custom HttpHandler (CustomNameSpace.CaptchaImageHandler in my case) that will serve the image. 

4. In the web.config, the following markup is added to register the handlers

5. The path (highlighted in the sample) can be any path chosen by you.

6. On a button click I compare the text entered in a TextBox to the one of the CaptchaImage and display respective message.

I have attached a sample project that implements this approach, so that you can use it as a reference for incorporating the suggested solution. In my case Session is utilized as a storage, but you can easily change it to a cookie if you want.

All the best,
Slav
the Telerik team

Hi Slav,

Thanks for the reply.  some follow up question.
How to setup the captcha properties?
Also could you elaborate more on how can I utilize cookie as a storage.

Thanks,
Jessie

Hello Jessie,

As I explained in the previous post, there are two options for configuring the RadCaptcha control so that it can be used in a WebFarm scenario.

• The first approach is the standard one, which is usually used in such cases. To setup the RadCaptcha you should set the ImageStorageLocation property of the control to Session, configure the web.config as demonstrated in the following code sample and ensure that out-of-process session state management is used, as explained in this article.
  <configuration>

      <system.web>

          <httpHandlers>

              <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResourceSession" verb="*" validate="false" />

          </httpHandlers>

      </system.web>

      <system.webServer>

          <handlers>

              <add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResourceSession" />

          </handlers>

      </system.webServer>

  </configuration>

• The second option is to store the CaptchaImage object in custom storage medium, and to serve the image using custom HttpHandler. After further inspecting the case we determined that a cookie cannot be utilized as a storage for the RadCaptcha image. It is not possible to save the image in a cookie and the image itself cannot be recreated by storing only the validation code. You can still consider saving the captcha image in a database, as it is a much more secure approach. To do so you should change the method for retrieving and storing the CaptchaImage object in the following sections of the sample:
  CaptchaImageHandler.cs
  CaptchaImage ci = null;

  try

  {

      ci = (CaptchaImage)HttpContext.Current.Session["CaptchaImage"];

  }

  catch

  {

      app.Response.StatusCode = 404;

      context.ApplicationInstance.CompleteRequest();

      return;

  }

Custom_Captcha.aspx

private CaptchaImage RadCaptchaImage
{
    get
    {
        return (CaptchaImage)Session["CaptchaImage"];
    }
    set
    {
        Session["CaptchaImage"] = value;
    }
}

Greetings,
Slav
the Telerik team